Detection-In-Depth: Out of Band Monitoring for Critical Process Parameters-Gus Serino

Published by SANS Institute on 2022-07-19
Video Link: https://www.youtube.com/watch?v=Efb-G7F_DkI
Duration: 23:21

In industrial processes there is usually a small set of critical process parameters that are the most fundamental indicators of the functional status of the process. An attacker who maliciously manipulates the control system can also mask those actions by altering the process information transmitted between the controller and the HMI. One possible mitigation is an "out-of-band" monitoring system that identifies when the control system is misrepresenting critical process parameters to the operator.

In this technique, a 4-20 mA signal isolator sends a copy of the critical parameter directly from the instrument signal to a separate data logger, which transmits that value over independent telemetry to a Data Logger Server. Both the SCADA system and the Data Logger Server then send their value for the same instrument to the historian. In the historian, the two values for what should be the same signal are compared, so that alerts can be raised on deviations.
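The comparison step above is where the detection actually happens, and it has two practical wrinkles the abstract does not spell out: the SCADA path and the out-of-band path are sampled on different clocks, and the two paths carry a small calibration offset even when nothing is wrong. The following is an added example, not code from the talk or its slides, showing one way to implement the historian-side check: the isolated 4-20 mA copy is scaled to engineering units, checked for loop faults, time-aligned to the SCADA series, and compared with a deadband and a persistence count. The tag name LT-101, its 0-100 % range, the thresholds and the sample series are all constructed for illustration.

```python
"""Out-of-band integrity check for a critical process parameter.

Added example, not code from the talk or the slides. Assumed setup: the
historian holds the SCADA copy of tag LT-101 (tank level, 0-100 %) in
engineering units, and the Data Logger Server holds the isolated 4-20 mA
copy of the same transmitter as raw loop current. Tag name, range,
thresholds and the sample data below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Sample:
    ts: float      # seconds on a common clock; the two sources are not aligned
    value: float   # engineering units, or mA for the raw logger series


LO_EU, HI_EU = 0.0, 100.0   # LT-101 calibrated range in %, assumed


def loop_fault(ma: float) -> bool:
    """NAMUR NE43: below 3.6 mA or above 21 mA signals a faulted loop."""
    return ma < 3.6 or ma > 21.0


def ma_to_eu(ma: float, lo_eu: float = LO_EU, hi_eu: float = HI_EU) -> float:
    """Scale loop current to engineering units, clamped to the calibrated span."""
    frac = min(1.0, max(0.0, (ma - 4.0) / 16.0))
    return lo_eu + frac * (hi_eu - lo_eu)


def align(primary: List[Sample], secondary: List[Sample],
          max_skew: float) -> List[Tuple[Sample, Sample]]:
    """Pair each primary sample with the nearest-in-time secondary sample,
    dropping pairs more than max_skew seconds apart. Inputs sorted by ts."""
    pairs, j = [], 0
    for p in primary:
        while (j + 1 < len(secondary)
               and abs(secondary[j + 1].ts - p.ts) <= abs(secondary[j].ts - p.ts)):
            j += 1
        if secondary and abs(secondary[j].ts - p.ts) <= max_skew:
            pairs.append((p, secondary[j]))
    return pairs


def deviation_alerts(pairs: List[Tuple[Sample, Sample]], deadband: float,
                     persistence: int) -> List[Tuple[float, float, float]]:
    """Flag runs of at least `persistence` consecutive pairs whose absolute
    difference exceeds `deadband`. Returns (start_ts, end_ts, max_deviation).
    The deadband absorbs calibration offset between the two paths; the
    persistence count suppresses single-sample jitter from clock skew."""
    alerts, run = [], []
    for scada, oob in pairs:
        dev = abs(scada.value - oob.value)
        if dev > deadband:
            run.append((scada.ts, dev))
            continue
        if len(run) >= persistence:
            alerts.append((run[0][0], run[-1][0], max(d for _, d in run)))
        run = []
    if len(run) >= persistence:
        alerts.append((run[0][0], run[-1][0], max(d for _, d in run)))
    return alerts


def check_tag(scada: List[Sample], logger_ma: List[Sample], *,
              max_skew: float = 0.5, deadband: float = 1.0, persistence: int = 3):
    """Full check for one tag: drop faulted loop samples, scale the raw
    out-of-band series, align it to the SCADA series and compare."""
    faults = [s.ts for s in logger_ma if loop_fault(s.value)]
    oob_eu = [Sample(s.ts, ma_to_eu(s.value)) for s in logger_ma
              if not loop_fault(s.value)]
    return faults, deviation_alerts(align(scada, oob_eu, max_skew), deadband, persistence)


# Constructed scenario: the real level starts rising at t=5 while the
# attacker freezes the value the HMI and historian receive via the SCADA path.
TRUE_LEVEL = [50.0, 50.2, 50.1, 49.9, 50.0, 54.0, 58.0, 62.0, 66.0, 70.0]
SCADA_SERIES = [Sample(float(t), lvl if t < 5 else 50.0)
                for t, lvl in enumerate(TRUE_LEVEL)]
# Logger clock runs 0.3 s behind and the isolated path reads about 0.1 % high.
LOGGER_MA = [Sample(t + 0.3, 4.0 + 0.16 * (lvl + 0.1))
             for t, lvl in enumerate(TRUE_LEVEL)]


def run_example():
    """Run the check on the constructed scenario; returns (loop faults, alerts)."""
    return check_tag(SCADA_SERIES, LOGGER_MA)


if __name__ == "__main__":
    faults, alerts = run_example()
    for start, end, dev in alerts:
        print(f"LT-101 SCADA/out-of-band mismatch from t={start} to t={end}, "
              f"max deviation {dev:.1f} %")
```

The deadband and persistence values have to be tuned per tag from a baseline period where both paths are known good; set the deadband too tight and every calibration drift pages the operator, set persistence too high and a fast manipulation gets a head start. A loop fault on the out-of-band path is reported separately rather than folded into a deviation, since a cut isolator output is itself something the responder needs to know about.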

This talk will cover that technique and then walk through a realistic attack scenario, in the context of the ICS Cyber Kill Chain, to present mechanisms to detect the attack with both traditional network and continuous security monitoring, as well as out-of-band process integrity checking. Then, response scenarios will be presented with and without this advanced detection technique to highlight the benefit of these monitoring techniques.

View upcoming Summits: http://www.sans.org/u/DuS
Download the presentation slides (SANS account required) at https://www.sans.org/u/1iaE

Tags:
sans institute
information security
cyber security
cybersecurity
information security training
cybersecurity training
cyber security training